{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-31630", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "state": "PUBLISHED", "assignerShortName": "php", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2022-05-25T21:03:32.861Z", "datePublished": "2022-11-14T06:53:06.774Z", "dateUpdated": "2024-08-03T07:26:01.044Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["gd"], "product": "PHP", "repo": "https://github.com/php/php-src", "vendor": "PHP Group", "versions": [{"lessThan": "7.4.33", "status": "affected", "version": "7.4.x", "versionType": "custom"}, {"lessThan": "8.0.25", "status": "affected", "version": "8.0.x", "versionType": "custom"}, {"lessThan": "8.1.12", "status": "affected", "version": "8.1.x", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "gd extension"}], "value": "gd extension"}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "cmb@php.net"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "cmb@php.net"}], "datePublic": "2022-10-24T06:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. "}], "value": "In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.\u00a0"}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-131", "description": "CWE-131 Incorrect Calculation of Buffer Size", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2024-04-02T02:38:25.144Z"}, "references": [{"url": "https://bugs.php.net/bug.php?id=81739"}], "source": {"defect": ["https://bugs.php.net/bug.php?id=81739"], "discovery": "INTERNAL"}, "title": "OOB read due to insufficient input validation in imageloadfont()", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:26:01.044Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.php.net/bug.php?id=81739", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "53B99259-5C66-4AEF-B500-1F775B6CCA06", "versionEndExcluding": "7.4.33", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "795EC7FC-4A42-4D2B-A900-02CA7770E515", "versionEndExcluding": "8.0.25", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BFF2544-41D1-41F6-A116-F7069789A585", "versionEndExcluding": "8.1.12", "versionStartIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.\u00a0"}, {"lang": "es", "value": "En versiones de PHP anteriores a 7.4.33, 8.0.25 y 8.2.12, cuando se usa la funci\u00f3n imageloadfont() en la extensi\u00f3n gd, es posible proporcionar un archivo de fuente especialmente manipulado, como si la fuente cargada se usa con imagechar() funci\u00f3n, se utilizar\u00e1 la lectura fuera del b\u00fafer asignado. Esto puede provocar fallos o divulgaci\u00f3n de informaci\u00f3n confidencial."}], "id": "CVE-2022-31630", "lastModified": "2024-11-21T07:04:53.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "security@php.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-14T07:15:09.467", "references": [{"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=81739"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=81739"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-131"}, {"lang": "en", "value": "CWE-190"}], "source": "security@php.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0848", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:8.0-8070020230118114629.ef331662", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:2903", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:7.4-8080020230118140634.cc342424", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:0965", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "php-0:8.0.27-1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:2417", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "php:8.1-9020020230120141750.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "php: OOB read due to insufficient input validation in imageloadfont()", "id": "2139280", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139280"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-20->CWE-125", "details": ["In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.\u00a0", "An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont() function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system."], "name": "CVE-2022-31630", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-php73-php", "product_name": "Red Hat Software Collections"}], "public_date": "2022-10-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-31630\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31630\nhttps://bugs.php.net/bug.php?id=81739\nhttps://www.php.net/ChangeLog-8.php#8.0.25"], "threat_severity": "Moderate"}